The inventive concepts described herein relate to an electronic device and, more particularly, to a user device that performs password-based user authentication, and to password registration and authentication methods thereof.
With the rapid development of the internet, communication lines, computers, and mobile devices, wired and wireless internet-based services such as shopping, games, chatting, and electronic payment are being provided. Also, games, payments, and internet connections using a mobile device may increase due to the rapid spread of handheld personal terminals and the growth of the wireless environment. In addition, there may be an increase in the demand for electronic devices that may use a security function.
User authentication may be a procedure through which a user is allowed to utilize a service based on a wired or wireless network or terminal. That is, whether the use of, and access to, devices or networks is permitted is determined via user authentication, and a service is provided according to the determination result. A typical user authentication system is a password-based authentication system that uses a user's ID or password.
Password-based user authentication typically consists of user registration and user authentication. In user registration, a user registers an ID and a password in a system. Upon user registration, authentication data is generated by processing the input password according to a cryptography algorithm. The authentication data and the ID may be stored in an authentication database of the system. Afterwards, user authentication may be executed when the user inputs the ID and password while using a service of the system. When the user inputs the ID and password in the system for user authentication, the password is processed according to the same cryptography algorithm that was used at user registration. Whether the user is authenticated is then determined by comparing the processed password with the authentication data stored in the database for that ID.
In user authentication that uses a password, however, the cryptography algorithm for processing the password, or the authentication data generated by that algorithm, may be exposed to an attacker. The exposed cryptography algorithm or authentication data may become the target of an exhaustive search attack, which is used to recover a user's password. In particular, as parallel computing environments such as GPU (Graphics Processing Unit) and FPGA (Field Programmable Gate Array) techniques are developed, the time taken to perform an exhaustive search attack is shortened, because the number of password recovery processes that can be performed in parallel increases. Thus, techniques for overcoming the vulnerability of password-based user authentication systems to the exhaustive search attack may be desirable.
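The registration and authentication flow described above, together with one common way to raise the cost of each exhaustive-search guess, as an added Python example that is not part of the original text or of the described invention. The salted scrypt processing, its cost parameters, and all function and class names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed cost settings (not from the page): roughly 16 MiB of memory per guess.
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def weak_auth_data(password):
    """Fast, unsalted processing: cheap to recompute for many guesses in parallel."""
    return hashlib.sha256(password.encode()).digest()


def hard_auth_data(password, salt):
    """Salted, memory-hard processing: every guess costs time and memory."""
    return hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)


class AuthDatabase:
    """Authentication database mapping ID -> (salt, authentication data)."""

    def __init__(self):
        self._records = {}
        # Dummy record so an unknown ID costs the same work as a known one.
        self._dummy = (os.urandom(16), os.urandom(32))

    def register(self, user_id, password):
        if user_id in self._records:
            raise ValueError("ID already registered")
        salt = os.urandom(16)  # fresh random salt for each registration
        self._records[user_id] = (salt, hard_auth_data(password, salt))

    def authenticate(self, user_id, password):
        salt, stored = self._records.get(user_id, self._dummy)
        candidate = hard_auth_data(password, salt)  # same algorithm as registration
        # Constant-time comparison; the random dummy never matches a candidate.
        return hmac.compare_digest(candidate, stored)

    def stored_data(self, user_id):
        return self._records[user_id][1]


if __name__ == "__main__":
    db = AuthDatabase()
    db.register("alice", "correct horse")  # constructed sample credentials
    print(db.authenticate("alice", "correct horse"), db.authenticate("alice", "guess"))
```

With the unsalted fast hash, two users who choose the same password produce identical authentication data, so one guess tests every exposed record at once; the per-user salt removes that shortcut and the memory cost limits how many guesses run in parallel.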